Security News > 2021 > August > Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software

Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software
2021-08-03 12:42

Cisco has addressed a vulnerability in the Firepower Device Manager On-Box software that could be exploited to gain code execution on vulnerable devices.

FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics capabilities.

Tracked as CVE-2021-1518 and rated medium severity, the remote code execution vulnerability was discovered by Positive Technologies security researchers Nikita Abramov and Mikhail Klyuchnikov in the REST API of FDM On-Box.

To exploit the vulnerability, an attacker needs to send a special HTTP request to the API subsystem of a vulnerable device.

Cisco addressed the issue with the release of software versions 6.4.0.12, 6.4.4, and 6.7.0.2.

Cisco says it's not aware of the vulnerability being exploited in the wild.


News URL

http://feedproxy.google.com/~r/securityweek/~3/AdsO8jF2qck/code-execution-flaw-found-cisco-firepower-device-manager-box-software

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-07-22 CVE-2021-1518 Code Injection vulnerability in Cisco Firepower Device Manager On-Box
A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device.
network
low complexity
cisco CWE-94
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4448 234 3132 1870 609 5845